Safe Web Fetch for Save Token
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: safe-web-fetch-for-save-token
Version: 1.0.0

The skill bundle provides a utility for fetching and cleaning web content using the Jina Reader service or direct requests. Analysis of `scripts/safe_fetch.py` confirms the implementation of robust security features, including SSRF protection via IP resolution checks, mandatory SSL verification, and regex-based sensitive data detection (e.g., API keys, private keys) to prevent data leakage. The code uses standard Python libraries and lacks any indicators of malicious intent, obfuscation, or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the skill to avoid insecure or sensitive fetches, while the main fetch path can still send URLs and retrieved content through Jina without the advertised local sensitive-data screening.
The skill advertises forced SSL verification and sensitive-data detection, but the primary Jina path strips the target's scheme and rewrites it into a Jina URL that forces `http://` for the target, and it explicitly disables the sensitive-data check on the fetched Jina result.

```python
clean_url = original_url.replace('https://', '').replace('http://', '')
jina_url = f"https://r.jina.ai/http://{clean_url}"
...
result = fetch_url_direct(jina_url, config, check_sensitive=False)
```

Do not use this skill for private, authenticated, token-bearing, or sensitive URLs unless the implementation is changed to preserve HTTPS target semantics, inspect URL/query secrets before third-party routing, re-enable the sensitive-data check on the Jina response, and accurately document what is and is not scanned.
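To make the two defects concrete, the following added example (not code from the skill or from ClawScan) places the quoted scheme-stripping rewrite beside a hardened version that keeps the target's scheme and refuses to route token-bearing URLs to the third party. The helper names (`find_url_secrets`, `build_jina_url`, `jina_url_as_shipped`), the query-key list and the secret-shaped value patterns are hypothetical stand-ins for whatever screening the skill implements, and the sample URL is constructed; the only external fact relied on is that r.jina.ai accepts the full target URL, scheme included, as its path.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical screening rules (illustrative; not the skill's own regex set).
SENSITIVE_QUERY_KEYS = {
    "token", "access_token", "id_token", "refresh_token", "api_key", "apikey",
    "key", "secret", "client_secret", "password", "sig", "signature", "auth",
}
SECRET_VALUE_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                              # AWS access key ID
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),                     # GitHub token
    re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),                         # OpenAI-style secret key
    re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),  # JWT
]


def find_url_secrets(url):
    """Return the reasons a URL looks token-bearing (an empty list means clean).

    Checks the three places secrets usually travel in a URL: the userinfo
    part, query parameters (by name and by value shape), and path/fragment.
    """
    parts = urlsplit(url)
    reasons = []
    if parts.username or parts.password:
        reasons.append("credentials in URL userinfo")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_QUERY_KEYS:
            reasons.append(f"sensitive query parameter: {key}")
        elif any(p.search(value) for p in SECRET_VALUE_PATTERNS):
            reasons.append(f"secret-shaped value in query parameter: {key}")
    if any(p.search(parts.path) or p.search(parts.fragment) for p in SECRET_VALUE_PATTERNS):
        reasons.append("secret-shaped value in path or fragment")
    return reasons


def jina_url_as_shipped(original_url):
    """The rewrite quoted in the finding: strips the scheme and forces http://."""
    clean_url = original_url.replace('https://', '').replace('http://', '')
    return f"https://r.jina.ai/http://{clean_url}"


def build_jina_url(original_url):
    """Hardened rewrite: keep the target's scheme and refuse token-bearing URLs.

    r.jina.ai takes the full target URL, scheme included, as its path, so
    there is no reason to strip https:// from the target.
    """
    parts = urlsplit(original_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("only absolute http(s) URLs can be routed through Jina")
    reasons = find_url_secrets(original_url)
    if reasons:
        raise ValueError("refusing to send URL to a third party: " + "; ".join(reasons))
    return f"https://r.jina.ai/{original_url}"


if __name__ == "__main__":
    target = "https://example.com/report?page=2"   # constructed sample URL
    print(jina_url_as_shipped(target))   # target downgraded to http://
    print(build_jina_url(target))        # target keeps https://
```

The pre-screen runs before anything leaves the machine, which is the point: a check applied only to the Jina response (or, as in the quoted code, skipped for it) cannot protect a secret that was already in the request URL.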
A public URL that redirects to a private or internal address can bypass the initial SSRF check during direct fallback fetching.
The visible code validates the original URL before fetching, then uses urllib's normal URL opening path; the shown implementation does not revalidate the final URL after redirects, despite claiming SSRF protection.

```python
is_valid, error = validate_url(original_url, config)
...
with urllib.request.urlopen(req, timeout=config['timeout'], context=ssl_context) as response:
```

Validate every redirect target before following it, enforce the configured max_redirects, and re-check the final resolved hostname/IP before returning content. Note that resolving a name for the check and then letting urllib resolve it again for the connection leaves a DNS rebinding window; pinning the connection to the validated address closes it.
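The following added example (not the skill's code) shows one way to do what the recommendation asks for with the standard library the skill already uses: a `urllib.request.HTTPRedirectHandler` subclass that validates each redirect target before it is followed, enforces a hop limit, and a final re-check of the URL the content actually came from. `validate_url`, `is_public_ip`, `resolve_host`, `is_url_allowed`, `ValidatingRedirectHandler`, `check_redirect_chain` and `safe_fetch` are hypothetical names with their own signatures, not the skill's `validate_url(original_url, config)`. The redirect chains are constructed and are walked offline through the handler's decision logic; `safe_fetch` is the only function that touches the network. This is only the resolve-then-check part of the fix; pinning the connection to the validated IP (against DNS rebinding) is left out.

```python
import ipaddress
import socket
import ssl
import urllib.request
from urllib.parse import urlsplit


class UnsafeURL(Exception):
    """Raised when a URL, or a redirect hop, must not be fetched."""


def is_public_ip(ip):
    """True only for addresses that are routable on the public internet."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:10.0.0.1 is really 10.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_host(hostname):
    """Resolve to every address the name maps to; literal IPs need no DNS."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise UnsafeURL(f"cannot resolve {hostname}: {exc}") from exc
    # Drop any IPv6 scope suffix ("%eth0") before parsing.
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def validate_url(url):
    """Accept only absolute http(s) URLs whose every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("URL has no host")
    for ip in resolve_host(parts.hostname):
        if not is_public_ip(ip):
            raise UnsafeURL(f"{parts.hostname} resolves to non-public address {ip}")
    return True


def is_url_allowed(url):
    """Boolean form of validate_url for callers that prefer no exceptions."""
    try:
        return validate_url(url)
    except UnsafeURL:
        return False


class ValidatingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-validates every redirect target and caps the number of hops."""

    def __init__(self, max_redirects):
        self.max_redirects = max_redirects
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if len(self.hops) >= self.max_redirects:
            raise UnsafeURL(f"more than {self.max_redirects} redirects")
        validate_url(newurl)           # the hop is checked before it is followed
        self.hops.append(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def check_redirect_chain(hops, max_redirects=3):
    """Offline walk of a redirect chain through the handler's decision logic.

    Returns (True, None) when every hop is allowed, else (False, reason).
    """
    handler = ValidatingRedirectHandler(max_redirects)
    req = urllib.request.Request(hops[0])
    try:
        validate_url(hops[0])
        for hop in hops[1:]:
            req = handler.redirect_request(req, None, 302, "Found", {}, hop)
    except UnsafeURL as exc:
        return False, str(exc)
    return True, None


def safe_fetch(url, timeout=10, max_redirects=3):
    """Fetch url with the validating redirect handler; SSL verification stays on."""
    validate_url(url)
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ssl.create_default_context()),
        ValidatingRedirectHandler(max_redirects),
    )
    with opener.open(url, timeout=timeout) as response:
        final_url = response.geturl()
        validate_url(final_url)        # last check on the URL the content came from
        return final_url, response.read()


if __name__ == "__main__":
    # Constructed chain: a public start that redirects into the cloud metadata range.
    print(check_redirect_chain(["http://8.8.8.8/start",
                                "http://169.254.169.254/latest/meta-data/"]))
```

Passing an instance of the handler subclass to `build_opener` replaces urllib's default `HTTPRedirectHandler`, so every `3xx` the opener follows goes through `redirect_request` and therefore through `validate_url`; the original URL alone being valid no longer decides where the content comes from.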
URLs and fetched web content may be processed outside the local agent environment.
The skill clearly discloses that it uses the external Jina Reader service to fetch and clean pages; this is purpose-aligned but means requested URLs and page content may be handled by a third party.
Automatically uses Jina Reader to fetch clean Markdown
Use this only for public or non-sensitive pages, and configure an allowlist if you want to restrict which domains can be fetched.
